[Owasp-leaders] Owasp projects reboot

Tobias tobias.gondrom at owasp.org
Sat Mar 31 16:06:45 UTC 2012


Hi Eoin,

hm, interesting question.

Maybe before I answer, two remarks:
- on a strategic level I would like to see us strengthen more the 
projects aimed at developers and industry (as this is where our 
expertise can scale up to the millions of applications out there...).
- some of the projects that I find very important do not always require 
big funding but sometimes maybe only a bit more marketing. Funding does 
not drive the project, but people do. Though obviously money helps. ;-)

The top 6 projects I really like are:
1. OWASP Secure Coding Practices - Quick Reference Guide  (but I don't 
think it needs funding, only more marketing from us!)
2. OWASP Top Ten (this may sound boring, but we should start working on 
an update 2012 soon!) => and we should think about other Top-10s (for 
mobile applications and cloud web applications). People are gonna love 
that. ;-)
3. Cheat Sheets: => updates
4. OWASP Development Guide: update  (though I am concerned about this 
project as it is huge and possibly hard to handle from a project 
management as well as from an end user/reader perspective.)
5. WebGoat (don't think we need lot of investment here, as it is already 
very useful)
6. OWASP AppSensor Project: this project does not necessarily have a big 
lighthouse effect for OWASP, but it is so innovative, that I just love 
the idea! (things to do might be lighter and specific deployment package 
by reducing dependency on ESAPI, integration into reporting 
collection&consolidation systems, ...)

Just my 5cents, Tobias


On 31/03/12 15:31, Dennis Groves, MSc wrote:
>
> +1
>
> On 31 Mar 2012, at 14:46, Jim Manico wrote:
>
>> Yah Eoin, I have a real problem with being vocal... *cough*
>>
>> Anyhow. I think we should reduce scope a little here. I say, let's 
>> just focus on the three main guides for pass one and see how that 
>> goes before further investment. These three really are the core of 
>> OWASP and they are crusty at best.
>>
>> Testing guide
>> Development Guide
>> Code Review Guide
>>
>> That's my 2 cents. You asked! :D
>>
>> Aloha Eoin and team,
>> -- 
>> Jim Manico
>>
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>>
>> jim at owasp.org
>> www.owasp.org
>>> Thanks jim,
>>> Leaders let ur voice be heard.
>>>
>>>
>>> I'll compile votes on tuesday and announce which projects make the 
>>> initial cut for the first round of funding&  reboot!!!!
>>>
>>> These projects shall be included in the proposal for the board.
>>>
>>> Leaders, I ask you all to support this initiative.
>>>
>>> "we are nothing without our projects"
>>>
>>>
>>>
>>> Eoin Keary
>>> BCC Risk Advisory
>>> Owasp Global Board
>>> +353 87 977 2988
>>>
>>>
>>> On 31 Mar 2012, at 13:56, Jim Manico<jim at manico.net>  wrote:
>>>
>>>> My vote:
>>>>
>>>> Testing guide
>>>> Development Guide
>>>> Code Review Guide
>>>> App Sensor
>>>> ZAP
>>>> Cheet Sheets
>>>>
>>>> -- 
>>>> Jim Manico
>>>>
>>>> Connections Committee Chair
>>>> Cheatsheet Series Product Manager
>>>> OWASP Podcast Producer/Host
>>>>
>>>> jim at owasp.org
>>>> www.owasp.org
>>>>
>>>>> Hello leaders,
>>>>> I am developing a proposal to be put to the board next week in 
>>>>> relation to rebooting a number of dormant owasp projects or 
>>>>> improving current owasp projects to "production quality" items.
>>>>>
>>>>> Question: May I kindly ask what projects do you think are the 6 
>>>>> most important projects within the foundation???
>>>>>
>>>>> Can you respond with your top 6 by Monday, sorry for being 
>>>>> demanding :)
>>>>>
>>>>> (My choices are: testing guide, development guide, code review 
>>>>> guide, O2, Zap, cheat sheets.)
>>>>>
>>>>> "we are nothing without our projects."
>>>>>
>>>>> Eoin.
>>>>>
>>>>>
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>>
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>



More information about the OWASP-Leaders mailing list